APPARATUS AND METHOD FOR TYING CYBER-SECURITY RISK ANALYSIS TO COMMON RISK METHODOLOGIES AND RISK LEVELS

US 20160234239A1
Filed: 09/30/2015
Published: 08/11/2016
Est. Priority Date: 02/11/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying, by a risk manager system, a plurality of connected devices that are vulnerable to cyber-security risks;

identifying, by the risk manager system, cyber-security risks in the connected devices;

assigning, by the risk manager system, a risk level to each of the identified cyber-security risks;

for each identified cyber-security risk, comparing by the risk manager system the assigned risk level to a first threshold and to a second threshold;

based on the comparisons, assigning, by the risk manager system, each identified cyber-security risk to a risk classification; and

displaying, by the risk manager system, a user interface that includes a notification according to the identified cyber-security risks and the corresponding assigned risk classifications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure provides systems and methods for tying cyber-security risk analysis to common risk methodologies and risk levels. A method includes identifying a plurality of connected devices that are vulnerable to cyber-security risks and identifying cyber-security risks in the connected devices. The method includes assigning a risk level to each of the risks and comparing the risk levels to a first threshold and to a second threshold. The method includes assigning each identified cyber-security risk to a risk classification and displaying a user interface that includes a notification according to the identified cyber-security risks and the corresponding assigned risk classifications.

16 Citations

View as Search Results

20 Claims

1. A method comprising:
- identifying, by a risk manager system, a plurality of connected devices that are vulnerable to cyber-security risks;
  
  identifying, by the risk manager system, cyber-security risks in the connected devices;
  
  assigning, by the risk manager system, a risk level to each of the identified cyber-security risks;
  
  for each identified cyber-security risk, comparing by the risk manager system the assigned risk level to a first threshold and to a second threshold;
  
  based on the comparisons, assigning, by the risk manager system, each identified cyber-security risk to a risk classification; and
  
  displaying, by the risk manager system, a user interface that includes a notification according to the identified cyber-security risks and the corresponding assigned risk classifications.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first threshold is a risk appetite and the second threshold is a risk tolerance.
  - 3. The method of claim 1, wherein the risk manager system also receives the first and second threshold from a user.
  - 4. The method of claim 1, wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is less than both the first threshold and the second threshold to a low-priority classification or a notification classification.
  - 5. The method of claim 1, wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to the first threshold but is less than the second threshold to a warning classification.
  - 6. The method of claim 1, wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to both the first threshold and the second threshold to an alert classification.
  - 7. The method of claim 1, wherein the risk manager system prompts a user for an action in response to displaying the notification.

8. A risk manager system comprising:
- a controller; and
  
  a display, the risk manager system configured toidentify a plurality of connected devices that are vulnerable to cyber-security risks;
  
  identify cyber-security risks in the connected devices;
  
  assign a risk level to each of the identified cyber-security risks;
  
  for each identified cyber-security risk, compare the assigned risk level to a first threshold and to a second threshold;
  
  based on the comparisons, assign each identified cyber-security risk to a risk classification by the risk manager system; and
  
  display a user interface that includes a notification according to the identified cyber-security risks and the corresponding assigned risk classifications.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The risk manager system of claim 8, wherein the first threshold is a risk appetite and the second threshold is a risk tolerance.
  - 10. The risk manager system of claim 8, wherein the risk manager system also receives the first and second threshold from a user.
  - 11. The risk manager system of claim 8, wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is less than both the first threshold and the second threshold to a low-priority classification or a notification classification.
  - 12. The risk manager system of claim 8, wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to the first threshold but is less than the second threshold to a warning classification.
  - 13. The risk manager system of claim 8, wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to both the first threshold and the second threshold to an alert classification.
  - 14. The risk manager system of claim 8, wherein the risk manager system prompts a user for an action in response to displaying the notification.

15. A non-transitory machine-readable medium encoded with executable instructions that, when executed, cause one or more processors of a risk manager system to:
- identify a plurality of connected devices that are vulnerable to cyber-security risks;
  
  identify cyber-security risks in the connected devices;
  
  assign a risk level to each of the identified cyber-security risks;
  
  for each identified cyber-security risk, compare the assigned risk level to a first threshold and to a second threshold;
  
  based on the comparisons, assign each identified cyber-security risk to a risk classification by the risk manager system; and
  
  display a user interface that includes a notification according to the identified cyber-security risks and the corresponding assigned risk classifications.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable medium of claim 15, wherein the first threshold is a risk appetite and the second threshold is a risk tolerance.
  - 17. The non-transitory machine-readable medium of claim 15, wherein the risk manager system also receives the first and second threshold from a user.
  - 18. The non-transitory machine-readable medium of claim 15, wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is less than both the first threshold and the second threshold to a low-priority classification or a notification classification.
  - 19. The non-transitory machine-readable medium of claim 15, wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to the first threshold but is less than the second threshold to a warning classification.
  - 20. The non-transitory machine-readable medium of claim 15, wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to both the first threshold and the second threshold to an alert classification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Koelemij, Sinclair, Knapp, Eric D.

Granted Patent

US 10,298,608 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 41/06   Management of faults, event...

H04L 63/1433   Vulnerability analysis

APPARATUS AND METHOD FOR TYING CYBER-SECURITY RISK ANALYSIS TO COMMON RISK METHODOLOGIES AND RISK LEVELS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHOD FOR TYING CYBER-SECURITY RISK ANALYSIS TO COMMON RISK METHODOLOGIES AND RISK LEVELS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links